Loblaw (TSX:L) has urged its PC Plus users to not only change, but to use strong passwords that can’t be easily guessed after it was confirmed by the company that points were stolen from some members’ accounts.
While Loblaw has promised it will be reimbursing affected members, it has urged members to ensure that they take security of their accounts seriously, use passwords that are very strong and are not used on any other service, refrain from using guessable passwords and follow security best practices regarding their accounts.
In a statement Kevin Groh, Loblaw’s vice-president of corporate affairs and communication said that the security incident is being categorized as a security breach because individual member accounts were accessed and points were stolen from their accounts. Groh added that the security breach occurred because people were using usernames and passwords they have already been using with other services and across multiple sites. According to Groh, the credentials were stolen from other sites and used to access PC Plus accounts.
Loblaw has said that it will not be able to disclose how many accounts lost points as the company is still working with its members to reinstate the lost points. Loblaw sent out an email to all its members irrespective of whether they were affected by the security breach or not urging them to update their passwords and use strong and unique passwords. Loblaw also notified law enforcement.
Loblaw asked its members to create unique passwords that are made up of combination of letters, numbers and characters, and also urged them to change them frequently and not to use them with any other service.
Groh said Loblaw’s IT security team is monitoring unusual activity and is investigating any possibility of underlying IT vulnerabilities.